Security & Compliance

Your data is never used to train AI.

End-to-end encryption, LGPD compliance, and granular access controls. Security is not a feature — it is the foundation.

LGPDAES-256GDPR AlignedSOC 2 Type II — Audit planned for Q3 2026

Foundation

Our security principles

Privacy by design

Every architecture decision starts with the question: "does this data need to exist?" We collect the minimum necessary, for the shortest time possible.

Full encryption

AES-256 at rest. TLS 1.3 in transit. Your audio and transcriptions are encrypted before touching any disk.

Verifiable transparency

You can request a copy, correction, or deletion of your data at any time. No forms. No waiting. One email to the DPO resolves it.

Optional data residency

Choose where your data lives. Processing in Brazil, Europe, or the US — as your jurisdiction requires.

Compliance

LGPD: your rights, guaranteed by design

We don't just comply with the law — we built the product around it.

Guaranteed rights for data subjects

Right of accessArt. 18, I
Right of correctionArt. 18, III
Right of deletionArt. 18, VI
Right of portabilityArt. 18, V
Right to revoke consentArt. 18, IX
Right to information on sharingArt. 18, VII

Key information

Data Protection Officer (DPO): dpo@transcriwise.com
Legal basis: Consent and contract execution
International transfer: Only to ASR providers, with standard contractual clauses
Retention: Data deleted 30 days after cancellation

Infrastructure

Six layers of protection

AES-256 Encryption

Military-grade encryption for data at rest. Each file has its own individual key.

TLS 1.3

All communication between your browser and our servers is encrypted. No exceptions.

Access control

RBAC with permissions per workspace, per user, and per resource. Every action is logged.

2FA Authentication

2FA available for all plans. SSO/SAML for Enterprise.

Audit logs

Complete verification of all operations. Who accessed, when, and what.

Backup and DR

Automatic backups with configurable retention. Incident recovery without data loss.

Data handling

How we handle your data

Uploaded audio

Processed by the selected ASR engine. Automatically deleted after transcription, unless configured otherwise.

Transcriptions

Stored encrypted in your workspace. Accessible only by you and authorized members. Exportable at any time.

Personal data

We only collect what is necessary to operate the service (email, name, plan). Never sold. Never shared for marketing.

AI models

None of your data is used to train models. Zero. LLM models process and discard — no retention.

Integrations

Minimal and revocable access. We connect with Google Drive, Dropbox, Zoom, and Slack — but only access what you authorize, when you authorize it.

Certifications

Certifications and roadmap

Active

LGPD CompliantAES-256GDPR Aligned

Planned

SOC 2 Type IIQ3 2026

ISO 27001Q4 2026

Frequently asked questions

Security questions

Have questions about security?

Our team responds within 24h. For DPA requests, subprocessor lists, or security reviews, write directly. security@transcriwise.com

Read Privacy Policy Read Terms of Use Request DPA